A Cyber-space Weapon – Chkrootkit

Consider ‘Cyberspace’ as a battleground where computers and networks are saved or compromised every day. Until recently, the struggle had been more or less equal, but now a new and more powerful weapon is in use – the rootkit.

A rootkit is the perfect utility for making a hacker's life easy. An ‘opportunity for malware writers’ is probably an apt definition of a rootkit. These tools enable administrator-level access to a computer or computer network. Rootkits have become more common and their sources increasingly difficult to identify. They leverage security exploits and trojans to deceive a user into trusting that the installation is not malicious.


Kit that hunts Kits – RKHunter

Rootkit Hunter (rkhunter) is a Unix tool that scans for rootkits, trojans, backdoors and similar exploits. The tool is released under the GPL license, and hence is a free tool. It is a shell script that performs various checks on the system to detect the presence of known rootkits and malware: whether system binaries have been modified, whether the system startup files have been tampered with, and whether active processes are malicious in nature. The reports of the checks are usually brief, yet helpful in validating the sanity of a local machine or server.
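The "have system binaries been modified" check described above can be pictured as a hash baseline that is recorded once and compared later. The script below is an added example, not rkhunter's code or part of the original article; the function names `make_baseline` and `check_baseline` and the demo files are hypothetical.

```shell
#!/bin/sh
# Added illustration, not rkhunter's code; function names are hypothetical.
# Assumes GNU coreutils sha256sum and file names without newlines/backslashes.

# make_baseline DIR OUT: record a SHA-256 for every regular file under DIR.
make_baseline() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2 > "$2"
}

# check_baseline BASELINE: print one line per modified or missing file.
# Returns 0 if every file still matches its recorded hash, 1 otherwise.
check_baseline() {
    status=0
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; status=1
        else
            have=$(sha256sum "$path" | cut -d ' ' -f 1)
            if [ "$have" != "$want" ]; then
                echo "MODIFIED $path"; status=1
            fi
        fi
    done < "$1"
    return "$status"
}

# Constructed demo: stand-in "binaries" in a temp dir, changed after baselining.
demo() {
    d=$(mktemp -d)
    mkdir "$d/bin"
    printf 'original ls\n' > "$d/bin/ls"
    printf 'original ps\n' > "$d/bin/ps"
    make_baseline "$d/bin" "$d/baseline.sha256"
    printf 'replaced ps\n' > "$d/bin/ps"   # content no longer matches baseline
    rm "$d/bin/ls"                         # file disappeared
    check_baseline "$d/baseline.sha256"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "integrity check reported changes"
```

Keep the baseline file off the monitored host or on read-only media, since a baseline that an intruder with root access can rewrite no longer proves anything.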


RootKits – An Introduction


    • Ever heard of a situation where a security expert or data center asks for the OS of a server to be re-installed for security reasons? That sounds like (and in fact is) a drastic situation, and it does happen. The risk of living with a server that was once compromised is very high, because a rootkit may have been implanted in the server. Unfortunately, the only proven recovery method is a clean install of the OS.

What is a Rootkit

A rootkit is typically malware that is stealthy in nature. Rootkits are usually hard to detect, and harder to remove. A rootkit can potentially hide almost any software, including files, botnets, key-loggers and back-doors. Rootkits are implanted in a system by an attacker who gains access to it through some inherent vulnerability in the system.